Guest, posted 18 March 2009 (edited):
Hi, a little while ago I got some kind of virus on my PC, antivirusprolivescan.com-hijacker or something like that... Does anyone know of a FREE program to remove this? I have searched on Google and elsewhere, but with no luck... (I have Windows Vista.) And while I'm at it: I downloaded Netcom PCsms a little while ago, and now it keeps trying to access the internet and opens Internet Explorer all the time, along with a page called Virus Remover 2009. It may be that these are connected, but I don't know... Please help...?

norbat, posted 18 March 2009:
Go through the guide and post the logs it asks for here in your own thread.

Tosha0007, posted 18 March 2009 (edited):
edit: norbat beat me to it. The guide says roughly the same as what I have written below, so just follow the guide.

Download Malwarebytes' Anti-Malware Here or Here. Save it to the Desktop. Run the file and install the program. Choose Norwegian as the language. Tick the boxes next to "Oppdater Malwarebytes' Anti-Malware" (Update Malwarebytes' Anti-Malware) and "Kjør Malwarebytes' Anti-Malware" (Launch Malwarebytes' Anti-Malware), and click "Ferdig" (Finish). Let the program update itself and choose "Utfør hurtig systemskann" (Perform quick scan). You will get a message box when the program has finished. Then click the "Vis resultat" (Show results) button. If malware was found, you will now see what was found. Then click the "Fjern valgt" (Remove selected) button to remove any malware that was found.

Note: If MBAM finds a file that is difficult to remove, you will be asked two questions. Click OK on both and let MBAM finish the disinfection. If you are asked to restart the machine, do so right away. When MBAM has finished removing what it found, a log will open in Notepad. Post it in your thread if it found anything other than cookies.

--------------

Download Combofix (by sUBs) and put it on the Desktop. Run combofix.exe and follow the instructions. While Combofix starts up you will be advised to install the Recovery Console (if you do not already have it installed). Say yes to that. You must not click on the window while the program is running. This can cause the program to freeze.

What ComboFix does: ComboFix is a multi-fix program made to remove a whole range of known infections, and it also creates a log/report showing files/processes/registry entries on the PC. The log can determine whether there is still something on the PC that should be removed. This requires that someone with experience can read the log and explain how to proceed.

PS: Combofix will, among other things, list all files created in the last month, and can in some cases also reveal full name and other information that may be considered sensitive. For that reason you should go through the log and see whether you find information you do not want to share with everyone, and censor it. Post the log file from Combofix (c:\combofix.txt).

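
One way to do the censoring step from the PS above before a log is posted, as an added example that is not part of the original post or of ComboFix. The function names, the `<user>` placeholder and the `extra_terms` parameter are assumptions of this sketch; the sample lines are excerpted from the log posted later in this thread.

```python
import re

# Profile folders present on every Windows install; they identify nobody.
SHARED_PROFILES = {"all users", "default", "default user", "public"}

# Drive letter, profile root (Vista "Users" or XP "Documents and Settings"),
# then the profile folder name, which must be followed by another backslash.
# The character class excludes everything that is illegal in a file name.
PROFILE_RE = re.compile(
    r'\b([a-z]:\\(?:users|documents and settings)\\)([^\\/:*?"<>|\r\n]+)\\',
    re.IGNORECASE,
)


def find_profile_names(log_text):
    """Return the per-user profile folder names that appear in path entries."""
    names = {}
    for match in PROFILE_RE.finditer(log_text):
        name = match.group(2).strip()
        if name.lower() not in SHARED_PROFILES:
            names.setdefault(name.lower(), name)
    return sorted(names.values(), key=str.lower)


def redact_log(log_text, extra_terms=(), placeholder="<user>"):
    """Replace every occurrence of each profile name (and any extra terms,
    e.g. a real name) with a placeholder. Returns (text, {term: count})."""
    terms = find_profile_names(log_text) + list(extra_terms)
    counts = {}
    # Longest first, so a term that contains another is replaced as a whole.
    for term in sorted(terms, key=len, reverse=True):
        pattern = re.compile(
            r"(?<![A-Za-z0-9])" + re.escape(term) + r"(?![A-Za-z0-9])",
            re.IGNORECASE,
        )
        log_text, hits = pattern.subn(lambda _m: placeholder, log_text)
        counts[term] = hits
    return log_text, counts


# Sample lines excerpted from the ComboFix log in this thread.
SAMPLE_LOG = r"""
ComboFix 09-03-15.01 - GodkilleR 2009-03-21 18:08:26.1 - NTFSx86
Kjører fra: c:\users\GodkilleR\Desktop\ComboFix.exe
2009-03-18 21:17 . 2009-03-18 21:17 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-16 10:17 . 2009-03-16 11:35 <DIR> d-------- c:\users\GodkilleR\AppData\Roaming\VoipStunt
FF - ProfilePath - c:\users\GodkilleR\AppData\Roaming\Mozilla\Firefox\Profiles\w3tish7k.default\
"""

if __name__ == "__main__":
    redacted, counts = redact_log(SAMPLE_LOG)
    print(redacted)
    print(counts)
```

The account name also appears outside any path (the ComboFix header line), which is why the names are first collected from paths and then replaced everywhere in the text.
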
Guest, posted 18 March 2009:
Thanks!

Tosha0007, posted 19 March 2009 (edited):
Unfortunately it is not certain that Malwarebytes' removes everything automatically, so it is a good idea to post both the Malwarebytes' and the Combofix log so that we can see whether there is more that has to be removed manually. If there is information you are worried about, you can either censor it or send the logs by PM to one of us who are active in this part of the forum.

Guest, posted 21 March 2009:
LOG:

Malwarebytes' Anti-Malware 1.34
Databaseversjon: 1749
Windows 6.0.6001 Service Pack 1

18.03.2009 21:25:10
mbam-log-2009-03-18 (21-25-10).txt

Skanntype: Rask Skann
Objekter skannet: 60484
Tid tilbakelagt: 6 minute(s), 22 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 2
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 2

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Users\GodkilleR\AppData\Local\Temp\7672.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\smss.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Tosha0007, posted 21 March 2009:
Do you have a Combofix log for us as well?

Guest, posted 21 March 2009:
A log like this?:

ComboFix 09-03-15.01 - GodkilleR 2009-03-21 18:08:26.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2525.1794 [GMT 1:00]
Kjører fra: c:\users\GodkilleR\Desktop\ComboFix.exe
* Opprettet nytt gjenopprettingspunkt
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\resycled
d:\resycled\ntldr.com
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-21 til 2009-03-21 )))))))))))))))))))))))))))))))))
.
2009-03-19 08:11 . 2009-03-18 19:28 58,372 --a------ c:\windows\msc.exe
2009-03-18 21:28 . 2009-03-18 19:28 58,372 --a------ c:\windows\msb.exe
2009-03-18 21:17 . 2009-03-18 21:17 <DIR> d-------- c:\users\GodkilleR\AppData\Roaming\Malwarebytes
2009-03-18 21:17 . 2009-03-18 21:17 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-18 21:17 . 2009-03-18 21:17 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-18 21:17 . 2009-03-18 21:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 21:17 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-18 21:17 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-18 19:55 . 2009-03-18 21:27 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-18 19:33 . 2009-03-18 19:33 <DIR> d-------- c:\users\GodkilleR\AppData\Roaming\Yahoo!
2009-03-18 19:33 . 2009-03-18 19:33 <DIR> d-------- c:\users\All Users\Yahoo! Companion
2009-03-18 19:33 . 2009-03-18 19:33 <DIR> d-------- c:\programdata\Yahoo! Companion
2009-03-18 19:33 . 2009-03-18 19:33 <DIR> d-------- c:\program files\Enigma Software Group
2009-03-18 19:28 . 2009-03-18 19:28 58,372 --a------ c:\windows\msa.exe
2009-03-17 16:53 . 2009-03-17 16:54 <DIR> d-------- C:\vcs5core
2009-03-17 16:53 .
2009-03-17 16:53 <DIR> d-------- C:\vcs5BGEffects 2009-03-17 16:53 . 2009-03-17 16:53 <DIR> d-------- C:\AV_LOGS 2009-03-17 09:56 . 2009-03-17 16:52 <DIR> d-------- c:\program files\AV Vcs 6.0 DIAMOND 2009-03-16 20:42 . 2009-03-16 20:42 <DIR> d-------- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-16 20:42 . 2009-03-16 20:42 <DIR> d-------- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-16 20:42 . 2009-03-16 20:42 <DIR> d-------- c:\program files\iTunes 2009-03-16 20:42 . 2009-03-16 20:42 <DIR> d-------- c:\program files\iPod 2009-03-16 20:42 . 2008-04-17 12:12 107,368 --a------ c:\windows\System32\GEARAspi.dll 2009-03-16 20:42 . 2009-01-15 12:19 23,848 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys 2009-03-16 10:17 . 2009-03-16 11:35 <DIR> d-------- c:\users\GodkilleR\AppData\Roaming\VoipStunt 2009-03-15 22:41 . 2009-03-15 22:43 <DIR> d-------- c:\program files\ANPARK 2009-03-15 21:51 . 2009-03-15 21:52 4,863 --a------ c:\windows\Uninstall\FAKEFACTORY CM9 Uninstall Log.txt 2009-03-14 23:48 . 2009-03-14 23:48 <DIR> d-------- c:\program files\Ai 2009-03-14 23:43 . 2009-03-14 23:43 <DIR> d-------- c:\program files\Common Files\Software Update Utility 2009-03-14 23:42 . 2009-03-14 23:42 <DIR> d-------- c:\users\All Users\Viewpoint 2009-03-14 23:42 . 2009-03-14 23:44 <DIR> d-------- c:\users\All Users\AOL OCP 2009-03-14 23:42 . 2009-03-14 23:42 <DIR> d-------- c:\users\All Users\AOL 2009-03-14 23:42 . 2009-03-14 23:42 <DIR> d-------- c:\programdata\Viewpoint 2009-03-14 23:42 . 2009-03-14 23:44 <DIR> d-------- c:\programdata\AOL OCP 2009-03-14 23:42 . 2009-03-14 23:42 <DIR> d-------- c:\programdata\AOL 2009-03-14 23:42 . 2009-03-14 23:42 <DIR> d-------- c:\program files\Viewpoint 2009-03-14 23:42 . 2009-03-15 21:48 <DIR> d-------- c:\program files\Common Files\AOL 2009-03-14 23:41 . 2009-03-14 23:48 731 --ah----- C:\IPH.PH 2009-03-13 00:16 . 2009-03-13 00:16 0 --a------ c:\windows\nsreg.dat 2009-03-11 22:50 . 
2009-03-11 22:50 <DIR> d--h----- c:\users\All Users\CanonBJ 2009-03-11 22:50 . 2009-03-11 22:50 <DIR> d--h----- c:\programdata\CanonBJ 2009-03-11 13:01 . 2009-03-12 18:18 <DIR> d-------- c:\users\GodkilleR\AppData\Roaming\SEW 2009-03-11 13:01 . 2009-03-18 21:09 <DIR> d-------- c:\program files\NetCom pcSMS Selvstendig 2009-03-11 11:57 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll 2009-03-11 11:57 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx 2009-03-11 11:57 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll 2009-03-11 11:56 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys 2009-03-11 11:56 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll 2009-03-05 18:48 . 2009-03-05 18:48 <DIR> d-------- c:\windows\Downloaded Installations 2009-03-05 16:27 . 2008-03-13 17:48 290,816 --a------ c:\windows\RTKVADDA.EXE 2009-03-05 16:20 . 2009-03-05 16:20 <DIR> d-------- c:\program files\Realtek 2009-03-05 16:17 . 2008-03-05 18:07 520,192 --a------ c:\windows\RtlExUpd.dll 2009-03-04 12:21 . 2009-03-04 12:21 <DIR> d-------- c:\users\GodkilleR\AppData\Roaming\Unigraphics Solutions 2009-03-04 12:07 . 2009-03-04 12:14 <DIR> d-------- c:\program files\Solid Edge V20 2009-03-02 12:40 . 2009-03-20 22:28 <DIR> d-------- c:\users\All Users\Google Updater 2009-03-02 12:40 . 2009-03-20 22:28 <DIR> d-------- c:\programdata\Google Updater 2009-03-02 12:40 . 2009-03-02 13:05 <DIR> d-------- c:\program files\Google 2009-03-02 08:44 . 2009-03-02 08:45 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE 2009-03-01 22:06 . 2009-03-01 22:31 <DIR> d-------- c:\program files\EA GAMES 2009-03-01 21:52 . 2004-08-18 09:34 442,368 -ra------ c:\windows\System32\vp6vfw.dll 2009-02-28 07:06 . 2009-02-28 07:06 <DIR> d-------- c:\program files\Bonjour 2009-02-25 16:04 . 2009-02-25 20:07 <DIR> d-------- C:\HammerAutosave 2009-02-24 20:29 . 
2009-02-24 20:29 975 --a------ c:\windows\Uninstall\FAKEFACTORY CM Setup Log.txt 2009-02-24 19:55 . 2009-03-15 21:52 <DIR> d-------- c:\windows\Uninstall\FAKEFACTORY CM9 2009-02-24 19:54 . 2009-03-15 21:51 <DIR> d-------- c:\windows\Uninstall 2009-02-24 19:54 . 2009-02-24 20:28 12,861 --a------ c:\windows\Uninstall\FAKEFACTORY CM9 Setup Log.txt . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-21 10:02 --------- d-----w c:\program files\Common Files\Steam 2009-03-21 09:48 --------- d-----w c:\users\GodkilleR\AppData\Roaming\LimeWire 2009-03-18 20:12 --------- d---a-w c:\programdata\Temp 2009-03-16 19:42 --------- d-----w c:\programdata\Apple Computer 2009-03-16 19:42 --------- d-----w c:\program files\Common Files\Apple 2009-03-15 20:50 --------- d-----w c:\program files\Microsoft Games 2009-03-15 20:47 --------- d-----w c:\program files\Xplorer 360 2009-03-13 23:42 --------- d-----w c:\program files\Windows Mail 2009-03-05 15:20 319,456 ----a-w c:\windows\DIFxAPI.dll 2009-03-05 15:20 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-04 11:06 --------- d-----w c:\program files\Common Files\InstallShield 2009-02-28 21:20 8 ----a-w c:\program files\beta.txt 2009-02-21 09:36 --------- d-----w c:\program files\Windows Live 2009-02-19 09:44 --------- d-----w c:\users\GodkilleR\AppData\Roaming\Sony 2009-02-19 09:26 --------- d-----w c:\users\GodkilleR\AppData\Roaming\Publish Providers 2009-02-19 09:26 --------- d-----w c:\users\GodkilleR\AppData\Roaming\NetMedia Providers 2009-02-19 09:21 --------- d-----w c:\program files\Sony Setup 2009-02-16 15:39 --------- d-----w c:\users\GodkilleR\AppData\Roaming\Apple Computer 2009-02-16 14:01 --------- d-----w c:\program files\QuickTime 2009-02-16 14:00 --------- d-----w c:\program files\Apple Software Update 2009-02-16 13:58 --------- d-----w c:\programdata\Apple 2009-02-15 23:06 --------- d-----w c:\programdata\Office Genuine 
Advantage 2009-02-13 12:56 --------- d-----w c:\programdata\eSobi 2009-02-12 00:54 --------- d-----w c:\program files\Valve 2009-02-11 00:19 201,728 ----a-w c:\windows\System32\Rockstar Monolith.scr 2009-02-11 00:15 --------- d-----w c:\program files\directx 2009-02-11 00:14 --------- d-----w c:\program files\Rockstar Games 2009-02-10 07:54 --------- d-----w c:\program files\Delta 2009-02-10 07:38 --------- d-----w c:\program files\Fsh3demo 2009-02-08 20:53 --------- d-----w c:\program files\Microsoft 2009-02-08 20:50 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition 2009-02-08 20:40 --------- d-----w c:\program files\FreePOPs 2009-02-07 20:01 --------- d-----w c:\program files\Nidesoft Studio 2009-02-06 18:59 308,104 ----a-w c:\windows\WLXPGSS.SCR 2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll 2009-02-04 23:59 --------- d-----w c:\users\GodkilleR\AppData\Roaming\CyberLink 2009-02-04 23:59 --------- d-----w c:\programdata\PlayMovie 2009-02-04 23:59 --------- d-----w c:\programdata\CyberLink 2009-02-02 11:37 --------- d-----w c:\programdata\Microsoft Help 2009-02-02 07:06 --------- d-----w c:\program files\McAfee 2009-02-02 01:30 --------- d-----w c:\program files\BitLord 2009-02-01 14:51 --------- d-----w c:\programdata\SiteAdvisor 2009-02-01 14:51 --------- d-----w c:\programdata\McAfee 2009-01-31 17:02 --------- d-----w c:\program files\Windows Live SkyDrive 2009-01-31 15:57 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-01-31 14:18 --------- d-----w c:\program files\MSXML 4.0 2009-01-31 14:18 --------- d-----w c:\program files\Microsoft Works 2009-01-30 21:04 --------- d-----w c:\program files\Common Files\Windows Live 2009-01-30 16:40 --------- d-----w c:\program files\Opera 2009-01-30 15:32 --------- d-----w c:\program files\LimeWire 2009-01-30 15:31 410,984 ----a-w c:\windows\System32\deploytk.dll 2009-01-30 15:31 --------- d-----w c:\program files\Java 2009-01-30 14:24 --------- d-----w 
c:\program files\Codec Pack - All In 1 2009-01-30 14:23 737,280 ----a-w c:\windows\iun6002.exe 2009-01-30 13:52 --------- d-----w c:\users\GodkilleR\AppData\Roaming\vlc 2009-01-30 13:49 --------- d-----w c:\program files\VideoLAN 2009-01-30 09:51 --------- d-----w c:\users\GodkilleR\AppData\Roaming\ATI 2009-01-30 09:51 --------- d-----w c:\program files\Acer GameZone 2009-01-30 09:06 --------- d-----w c:\programdata\ATI 2009-01-30 08:57 --------- d-----w c:\program files\Acer Incorporated 2009-01-30 08:56 --------- d-----w c:\program files\Acer Arcade Deluxe 2009-01-30 08:29 --------- d-----w c:\program files\Acer Inc 2009-01-30 08:26 --------- d-----w c:\program files\ATI Technologies 2009-01-30 08:19 --------- d-----w c:\program files\ATI 2009-01-30 08:18 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf 2009-01-30 08:18 --------- d-----w c:\program files\Apoint2K 2009-01-30 08:16 --------- d-----w c:\program files\Launch Manager 2009-01-30 08:05 --------- d-----w c:\users\GodkilleR\AppData\Roaming\eSobi 2009-01-30 08:02 --------- d-----w c:\program files\Acer 2009-01-30 08:00 --------- d-sh--w c:\programdata\Start-meny 2009-01-30 08:00 --------- d-sh--w c:\programdata\Skrivebord 2009-01-30 08:00 --------- d-sh--w c:\programdata\Programdata 2009-01-30 08:00 --------- d-sh--w c:\programdata\Maler 2009-01-30 08:00 --------- d-sh--w c:\programdata\Favoritter 2009-01-30 08:00 --------- d-sh--w c:\programdata\Dokumenter 2009-01-30 08:00 --------- d-sh--w c:\program files\Fellesfiler 2009-01-30 07:49 --------- d-----w c:\program files\AMD 2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll 2008-12-31 16:04 691,560 ----a-w c:\windows\System32\OGACheckControl.dll 2008-12-31 16:04 528,744 ----a-w c:\windows\System32\OGAVerify.exe 2008-12-31 16:04 502,120 ----a-w c:\windows\System32\OGAAddin.dll 2008-12-27 14:18 5,120 ----a-w c:\windows\System32\lwel-manifest.dll 2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini . 
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 22:38 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400] "Steam"="c:\program files\valve\steam\steam.exe" [2009-02-12 1410296] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-09 397312] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-05-27 850440] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade 
Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936] "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-30 136600] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 c:\windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-11-20 c:\windows\SkyTel.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] SetupExecute REG_MULTI_SZ \0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{88BF001A-9987-4DD2-9B09-0D1250DCB920}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent "{211A2D2F-B9CE-4DA3-BEE1-44529DE3BAA0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{4CEEF326-38AE-436A-AD07-37F30156BDE2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{B9E66FE4-6D43-43F7-9A2D-DE44F7B2F57F}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{0CF90B2C-0E12-4B0C-A7FC-035E5E4B4B24}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe 
"{54A8E449-C730-4705-922D-01AF15F3DEAF}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{74918C60-6D94-47F5-A813-2CF39A5672AA}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{1CEA23D8-6EA7-4FC2-8681-E994B5BE7D8A}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{D9FAD534-8285-4065-9AA4-3556434FB2B0}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{3987C1E3-04CB-4619-9D5B-2A88EA3BE5DC}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{9D021A96-E5B7-42DB-A87B-4144B588EA3C}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{E959209F-B43A-4FDB-ACB2-F0E638F366EE}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie "{43758C79-78B2-4F99-A565-FBF71BC0DAAB}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program "{D346CD1A-FF70-4702-899B-2F5A13FD2830}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia "{B9045E95-B157-44AD-BAC9-6D49142EFF32}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{A995FD63-1921-4F72-84D4-25871BD57218}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{5933F564-250B-4C23-B3ED-29FF3455B77A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{E013AB90-A434-4D26-A8A9-1309EB59AACD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{A20548EE-53D6-4A54-ABE7-B0EFA79F7384}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{C4506AF2-A3AA-42E0-AE47-4D1B425F8E95}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{0E98B4A6-1656-4D34-B37E-DB652FBF0DEE}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync "{61B249B1-4B5D-4AC8-AB80-0A761FCFF7F1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{9ECDAEE5-8695-4E05-A623-C515BBD97356}"= TCP:c:\program 
files\Bonjour\mDNSResponder.exe:Bonjour "{F6073342-A016-4BDB-BA3D-4D02D8DAA31B}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{4CB92C4F-A427-40A0-A9D9-B6FE008B3B95}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{773EA357-3F79-4867-8661-4F19DF13CFA2}"= UDP:c:\program files\AIM6\aim6.exe:AIM "{DD081A53-0BD8-47C6-ADA0-569E19C3770A}"= TCP:c:\program files\AIM6\aim6.exe:AIM "{4E91D0FE-C0BF-4608-AFA6-6224C43E5D33}"= UDP:c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt "{4A34B135-991F-4D43-A4F7-C57E6B80972E}"= TCP:c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt "{82D8AAEE-E1E1-498C-8B6E-E7A4ECECD6E8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{C71D930F-37DD-4ACC-9542-2E6F006D8544}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-01-30 09:54:05 61424] R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-01-30 81504] R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-05-22 24576] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-01 203280] R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056] R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2009-01-30 122368] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler 
Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-03-14 24652] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-05-23 210432] R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2008-05-23 54784] R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [2009-01-30 22072] S2 gupdate1c99b2f23e8043e;Googles oppdateringstjeneste (gupdate1c99b2f23e8043e);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 133104] . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-03-21 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-02 12:40] 2009-03-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 13:04] 2009-02-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] 2009-02-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] 2009-03-21 c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job - c:\users\GodkilleR\AppData\Local\Temp\2452.exe [] . - - - - TOMME PEKERE FJERNET - - - - HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe HKCU-Run-VoipStunt - c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe HKCU-Run-VoipDiscount - c:\program files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe HKLM-Run-eRecoveryService - (no file) . ------- Tilleggsskanning ------- . 
uStart Page = no.intl.acer.yahoo.com
mStart Page = hxxp://no.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\GodkilleR\AppData\Roaming\Mozilla\Firefox\Profiles\w3tish7k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 18:14:08
Windows 6.0.6001 Service Pack 1 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
Tidspunkt ferdig: 2009-03-21 18:16:34
ComboFix-quarantined-files.txt 2009-03-21 17:16:30
Pre-Run: 45 824 897 024 byte ledig
Post-Run: 45,888,999,424 byte ledig
313 --- E O F --- 2009-03-15 12:30:39

norbat, posted 21 March 2009:
There is some junk left behind. Do the following: Update Malwarebytes and run a new quick scan. Run Combofix again and post the log together with the log from Malwarebytes.

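
A sketch of how the autostart sections of a ComboFix log can be triaged, as an added example that is not part of the thread or of any tool mentioned in it. The two heuristics mirror the two patterns Malwarebytes flagged earlier in this thread (an executable in a Temp folder, and `smss.exe` outside System32); they are hints for a human reader, not verdicts. The function names and the assumption that Windows lives in `c:\windows` are this sketch's own.

```python
import re
from ntpath import basename, normpath

# Core Windows process names whose legitimate copies live in System32.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "lsass.exe", "services.exe",
                "svchost.exe", "winlogon.exe"}

SECTION_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"')
# ComboFix prints a bare file name for some Run values and puts the
# resolved path inside the trailing bracket instead.
BRACKET_PATH_RE = re.compile(r"\[\d{4}-\d{2}-\d{2} ([a-z]:\\[^\]]+)\]", re.I)
TASK_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} (?P<name>.+?\.job) - (?P<target>.+?) \[[^\]]*\]$", re.I
)


def parse_autostarts(log_text):
    """Return (kind, name, target) for Run values and scheduled tasks."""
    entries, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            section = match.group("key")
            continue
        match = RUN_RE.match(line)
        if match and section and section.lower().endswith(r"\currentversion\run"):
            target = match.group("target")
            resolved = BRACKET_PATH_RE.search(line)
            if "\\" not in target and resolved:
                target = resolved.group(1)
            entries.append(("run", section + "\\" + match.group("name"), target))
            continue
        match = TASK_RE.match(line)
        if match:
            entries.append(("task", match.group("name"), match.group("target")))
    return entries


def suspicious_reasons(target):
    """Heuristic reasons why an autostart target deserves a closer look."""
    path = normpath(target).lower()
    reasons = []
    if re.search(r"\\(temp|tmp)\\", path):
        reasons.append("runs from a temp directory")
    # Assumption: Windows is installed in c:\windows.
    if basename(path) in SYSTEM_NAMES and not path.startswith(
            r"c:\windows\system32" + "\\"):
        reasons.append("system process name outside System32")
    return reasons


def triage(log_text):
    """Return only the autostart entries that trip at least one heuristic."""
    hits = []
    for kind, name, target in parse_autostarts(log_text):
        reasons = suspicious_reasons(target)
        if reasons:
            hits.append((kind, name, target, reasons))
    return hits


# Lines excerpted from the ComboFix log in this thread, except the "smss"
# Run value, which is constructed here from the Malwarebytes finding.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 c:\windows\RtHDVCpl.exe]
"smss"="c:\program files\smss.exe" [2009-03-18 0]
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2009-03-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 13:04]
2009-03-21 c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job - c:\users\GodkilleR\AppData\Local\Temp\2452.exe []
"""

if __name__ == "__main__":
    for kind, name, target, reasons in triage(SAMPLE):
        print(kind, name, "->", target, reasons)
```
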
Guest, posted 21 March 2009:
COMBOFIX LOG:

ComboFix 09-03-19.02 - GodkilleR 2009-03-21 19:28:15.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2525.1484 [GMT 1:00]
Kjører fra: c:\users\GodkilleR\Desktop\ComboFix.exe
* Opprettet nytt gjenopprettingspunkt
* Resident AV is active
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-21 til 2009-03-21 )))))))))))))))))))))))))))))))))
.
2009-03-18 21:17 . 2009-03-18 21:17 <DIR> d-------- c:\users\GodkilleR\AppData\Roaming\Malwarebytes
2009-03-18 21:17 . 2009-03-18 21:17 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-18 21:17 . 2009-03-18 21:17 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-18 21:17 . 2009-03-18 21:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 21:17 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-18 21:17 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-18 19:55 . 2009-03-18 21:27 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-18 19:33 . 2009-03-18 19:33 <DIR> d-------- c:\users\GodkilleR\AppData\Roaming\Yahoo!
2009-03-18 19:33 . 2009-03-18 19:33 <DIR> d-------- c:\users\All Users\Yahoo! Companion
2009-03-18 19:33 . 2009-03-18 19:33 <DIR> d-------- c:\programdata\Yahoo! Companion
2009-03-18 19:33 . 2009-03-18 19:33 <DIR> d-------- c:\program files\Enigma Software Group
2009-03-17 16:53 . 2009-03-17 16:54 <DIR> d-------- C:\vcs5core
2009-03-17 16:53 . 2009-03-17 16:53 <DIR> d-------- C:\vcs5BGEffects
2009-03-17 16:53 . 2009-03-17 16:53 <DIR> d-------- C:\AV_LOGS
2009-03-17 09:56 . 2009-03-17 16:52 <DIR> d-------- c:\program files\AV Vcs 6.0 DIAMOND
2009-03-16 20:42 .
2009-03-16 20:42 <DIR> d-------- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-16 20:42 . 2009-03-16 20:42 <DIR> d-------- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} 2009-03-16 20:42 . 2009-03-16 20:42 <DIR> d-------- c:\program files\iTunes 2009-03-16 20:42 . 2009-03-16 20:42 <DIR> d-------- c:\program files\iPod 2009-03-16 20:42 . 2008-04-17 12:12 107,368 --a------ c:\windows\System32\GEARAspi.dll 2009-03-16 20:42 . 2009-01-15 12:19 23,848 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys 2009-03-16 10:17 . 2009-03-16 11:35 <DIR> d-------- c:\users\GodkilleR\AppData\Roaming\VoipStunt 2009-03-15 22:41 . 2009-03-15 22:43 <DIR> d-------- c:\program files\ANPARK 2009-03-15 21:51 . 2009-03-15 21:52 4,863 --a------ c:\windows\Uninstall\FAKEFACTORY CM9 Uninstall Log.txt 2009-03-14 23:48 . 2009-03-14 23:48 <DIR> d-------- c:\program files\Ai 2009-03-14 23:43 . 2009-03-14 23:43 <DIR> d-------- c:\program files\Common Files\Software Update Utility 2009-03-14 23:42 . 2009-03-14 23:42 <DIR> d-------- c:\users\All Users\Viewpoint 2009-03-14 23:42 . 2009-03-14 23:44 <DIR> d-------- c:\users\All Users\AOL OCP 2009-03-14 23:42 . 2009-03-14 23:42 <DIR> d-------- c:\users\All Users\AOL 2009-03-14 23:42 . 2009-03-14 23:42 <DIR> d-------- c:\programdata\Viewpoint 2009-03-14 23:42 . 2009-03-14 23:44 <DIR> d-------- c:\programdata\AOL OCP 2009-03-14 23:42 . 2009-03-14 23:42 <DIR> d-------- c:\programdata\AOL 2009-03-14 23:42 . 2009-03-14 23:42 <DIR> d-------- c:\program files\Viewpoint 2009-03-14 23:42 . 2009-03-15 21:48 <DIR> d-------- c:\program files\Common Files\AOL 2009-03-14 23:41 . 2009-03-14 23:48 731 --ah----- C:\IPH.PH 2009-03-13 00:16 . 2009-03-13 00:16 0 --a------ c:\windows\nsreg.dat 2009-03-11 22:50 . 2009-03-11 22:50 <DIR> d--h----- c:\users\All Users\CanonBJ 2009-03-11 22:50 . 2009-03-11 22:50 <DIR> d--h----- c:\programdata\CanonBJ 2009-03-11 13:01 . 
2009-03-12 18:18 <DIR> d-------- c:\users\GodkilleR\AppData\Roaming\SEW 2009-03-11 13:01 . 2009-03-18 21:09 <DIR> d-------- c:\program files\NetCom pcSMS Selvstendig 2009-03-11 11:57 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll 2009-03-11 11:57 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx 2009-03-11 11:57 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll 2009-03-11 11:56 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys 2009-03-11 11:56 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll 2009-03-05 18:48 . 2009-03-05 18:48 <DIR> d-------- c:\windows\Downloaded Installations 2009-03-05 16:27 . 2008-03-13 17:48 290,816 --a------ c:\windows\RTKVADDA.EXE 2009-03-05 16:20 . 2009-03-05 16:20 <DIR> d-------- c:\program files\Realtek 2009-03-05 16:17 . 2008-03-05 18:07 520,192 --a------ c:\windows\RtlExUpd.dll 2009-03-04 12:21 . 2009-03-04 12:21 <DIR> d-------- c:\users\GodkilleR\AppData\Roaming\Unigraphics Solutions 2009-03-04 12:07 . 2009-03-04 12:14 <DIR> d-------- c:\program files\Solid Edge V20 2009-03-02 12:40 . 2009-03-20 22:28 <DIR> d-------- c:\users\All Users\Google Updater 2009-03-02 12:40 . 2009-03-20 22:28 <DIR> d-------- c:\programdata\Google Updater 2009-03-02 12:40 . 2009-03-02 13:05 <DIR> d-------- c:\program files\Google 2009-03-02 08:44 . 2009-03-02 08:45 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE 2009-03-01 22:06 . 2009-03-01 22:31 <DIR> d-------- c:\program files\EA GAMES 2009-03-01 21:52 . 2004-08-18 09:34 442,368 -ra------ c:\windows\System32\vp6vfw.dll 2009-02-28 07:06 . 2009-02-28 07:06 <DIR> d-------- c:\program files\Bonjour 2009-02-25 16:04 . 2009-02-25 20:07 <DIR> d-------- C:\HammerAutosave 2009-02-24 20:29 . 2009-02-24 20:29 975 --a------ c:\windows\Uninstall\FAKEFACTORY CM Setup Log.txt 2009-02-24 19:55 . 2009-03-15 21:52 <DIR> d-------- c:\windows\Uninstall\FAKEFACTORY CM9 2009-02-24 19:54 . 
2009-03-15 21:51 <DIR> d-------- c:\windows\Uninstall 2009-02-24 19:54 . 2009-02-24 20:28 12,861 --a------ c:\windows\Uninstall\FAKEFACTORY CM9 Setup Log.txt . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-21 10:02 --------- d-----w c:\program files\Common Files\Steam 2009-03-21 09:48 --------- d-----w c:\users\GodkilleR\AppData\Roaming\LimeWire 2009-03-18 20:12 --------- d---a-w c:\programdata\Temp 2009-03-16 19:42 --------- d-----w c:\programdata\Apple Computer 2009-03-16 19:42 --------- d-----w c:\program files\Common Files\Apple 2009-03-15 20:50 --------- d-----w c:\program files\Microsoft Games 2009-03-15 20:47 --------- d-----w c:\program files\Xplorer 360 2009-03-13 23:42 --------- d-----w c:\program files\Windows Mail 2009-03-05 15:20 319,456 ----a-w c:\windows\DIFxAPI.dll 2009-03-05 15:20 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-04 11:06 --------- d-----w c:\program files\Common Files\InstallShield 2009-02-28 21:20 8 ----a-w c:\program files\beta.txt 2009-02-21 09:36 --------- d-----w c:\program files\Windows Live 2009-02-19 09:44 --------- d-----w c:\users\GodkilleR\AppData\Roaming\Sony 2009-02-19 09:26 --------- d-----w c:\users\GodkilleR\AppData\Roaming\Publish Providers 2009-02-19 09:26 --------- d-----w c:\users\GodkilleR\AppData\Roaming\NetMedia Providers 2009-02-19 09:21 --------- d-----w c:\program files\Sony Setup 2009-02-16 15:39 --------- d-----w c:\users\GodkilleR\AppData\Roaming\Apple Computer 2009-02-16 14:01 --------- d-----w c:\program files\QuickTime 2009-02-16 14:00 --------- d-----w c:\program files\Apple Software Update 2009-02-16 13:58 --------- d-----w c:\programdata\Apple 2009-02-15 23:06 --------- d-----w c:\programdata\Office Genuine Advantage 2009-02-13 12:56 --------- d-----w c:\programdata\eSobi 2009-02-12 00:54 --------- d-----w c:\program files\Valve 2009-02-11 00:19 201,728 ----a-w c:\windows\System32\Rockstar 
Monolith.scr 2009-02-11 00:15 --------- d-----w c:\program files\directx 2009-02-11 00:14 --------- d-----w c:\program files\Rockstar Games 2009-02-10 07:54 --------- d-----w c:\program files\Delta 2009-02-10 07:38 --------- d-----w c:\program files\Fsh3demo 2009-02-08 20:53 --------- d-----w c:\program files\Microsoft 2009-02-08 20:50 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition 2009-02-08 20:40 --------- d-----w c:\program files\FreePOPs 2009-02-07 20:01 --------- d-----w c:\program files\Nidesoft Studio 2009-02-06 18:59 308,104 ----a-w c:\windows\WLXPGSS.SCR 2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll 2009-02-04 23:59 --------- d-----w c:\users\GodkilleR\AppData\Roaming\CyberLink 2009-02-04 23:59 --------- d-----w c:\programdata\PlayMovie 2009-02-04 23:59 --------- d-----w c:\programdata\CyberLink 2009-02-02 11:37 --------- d-----w c:\programdata\Microsoft Help 2009-02-02 07:06 --------- d-----w c:\program files\McAfee 2009-02-02 01:30 --------- d-----w c:\program files\BitLord 2009-02-01 14:51 --------- d-----w c:\programdata\SiteAdvisor 2009-02-01 14:51 --------- d-----w c:\programdata\McAfee 2009-01-31 17:02 --------- d-----w c:\program files\Windows Live SkyDrive 2009-01-31 15:57 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-01-31 14:18 --------- d-----w c:\program files\MSXML 4.0 2009-01-31 14:18 --------- d-----w c:\program files\Microsoft Works 2009-01-30 21:04 --------- d-----w c:\program files\Common Files\Windows Live 2009-01-30 16:40 --------- d-----w c:\program files\Opera 2009-01-30 15:32 --------- d-----w c:\program files\LimeWire 2009-01-30 15:31 410,984 ----a-w c:\windows\System32\deploytk.dll 2009-01-30 15:31 --------- d-----w c:\program files\Java 2009-01-30 14:24 --------- d-----w c:\program files\Codec Pack - All In 1 2009-01-30 14:23 737,280 ----a-w c:\windows\iun6002.exe 2009-01-30 13:52 --------- d-----w c:\users\GodkilleR\AppData\Roaming\vlc 2009-01-30 13:49 
--------- d-----w c:\program files\VideoLAN 2009-01-30 09:51 --------- d-----w c:\users\GodkilleR\AppData\Roaming\ATI 2009-01-30 09:51 --------- d-----w c:\program files\Acer GameZone 2009-01-30 09:06 --------- d-----w c:\programdata\ATI 2009-01-30 08:57 --------- d-----w c:\program files\Acer Incorporated 2009-01-30 08:56 --------- d-----w c:\program files\Acer Arcade Deluxe 2009-01-30 08:29 --------- d-----w c:\program files\Acer Inc 2009-01-30 08:26 --------- d-----w c:\program files\ATI Technologies 2009-01-30 08:19 --------- d-----w c:\program files\ATI 2009-01-30 08:18 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf 2009-01-30 08:18 --------- d-----w c:\program files\Apoint2K 2009-01-30 08:16 --------- d-----w c:\program files\Launch Manager 2009-01-30 08:05 --------- d-----w c:\users\GodkilleR\AppData\Roaming\eSobi 2009-01-30 08:02 --------- d-----w c:\program files\Acer 2009-01-30 08:00 --------- d-sh--w c:\programdata\Start-meny 2009-01-30 08:00 --------- d-sh--w c:\programdata\Skrivebord 2009-01-30 08:00 --------- d-sh--w c:\programdata\Programdata 2009-01-30 08:00 --------- d-sh--w c:\programdata\Maler 2009-01-30 08:00 --------- d-sh--w c:\programdata\Favoritter 2009-01-30 08:00 --------- d-sh--w c:\programdata\Dokumenter 2009-01-30 08:00 --------- d-sh--w c:\program files\Fellesfiler 2009-01-30 07:49 --------- d-----w c:\program files\AMD 2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll 2008-12-31 16:04 691,560 ----a-w c:\windows\System32\OGACheckControl.dll 2008-12-31 16:04 528,744 ----a-w c:\windows\System32\OGAVerify.exe 2008-12-31 16:04 502,120 ----a-w c:\windows\System32\OGAAddin.dll 2008-12-27 14:18 5,120 ----a-w c:\windows\System32\lwel-manifest.dll 2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((( SnapShot@2009-03-21_18.14.59,29 ))))))))))))))))))))))))))))))))))))))))) . 
- 2009-03-21 17:13:59 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2009-03-21 18:31:31 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2009-03-21 18:31:31 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2009-03-21 17:08:03 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat + 2009-03-21 18:27:55 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 22:38 121392 --a------ c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400] "Steam"="c:\program files\valve\steam\steam.exe" [2009-02-12 1410296] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-09 397312] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672] 
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-05-27 850440] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936] "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-30 136600] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 c:\windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-11-20 c:\windows\SkyTel.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{88BF001A-9987-4DD2-9B09-0D1250DCB920}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent "{211A2D2F-B9CE-4DA3-BEE1-44529DE3BAA0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{4CEEF326-38AE-436A-AD07-37F30156BDE2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote 
"{B9E66FE4-6D43-43F7-9A2D-DE44F7B2F57F}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{0CF90B2C-0E12-4B0C-A7FC-035E5E4B4B24}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{54A8E449-C730-4705-922D-01AF15F3DEAF}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{74918C60-6D94-47F5-A813-2CF39A5672AA}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{1CEA23D8-6EA7-4FC2-8681-E994B5BE7D8A}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{D9FAD534-8285-4065-9AA4-3556434FB2B0}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{3987C1E3-04CB-4619-9D5B-2A88EA3BE5DC}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{9D021A96-E5B7-42DB-A87B-4144B588EA3C}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{E959209F-B43A-4FDB-ACB2-F0E638F366EE}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie "{43758C79-78B2-4F99-A565-FBF71BC0DAAB}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program "{D346CD1A-FF70-4702-899B-2F5A13FD2830}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia "{B9045E95-B157-44AD-BAC9-6D49142EFF32}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{A995FD63-1921-4F72-84D4-25871BD57218}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{5933F564-250B-4C23-B3ED-29FF3455B77A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{E013AB90-A434-4D26-A8A9-1309EB59AACD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{A20548EE-53D6-4A54-ABE7-B0EFA79F7384}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{C4506AF2-A3AA-42E0-AE47-4D1B425F8E95}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes 
"{0E98B4A6-1656-4D34-B37E-DB652FBF0DEE}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync "{61B249B1-4B5D-4AC8-AB80-0A761FCFF7F1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{9ECDAEE5-8695-4E05-A623-C515BBD97356}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{F6073342-A016-4BDB-BA3D-4D02D8DAA31B}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{4CB92C4F-A427-40A0-A9D9-B6FE008B3B95}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{773EA357-3F79-4867-8661-4F19DF13CFA2}"= UDP:c:\program files\AIM6\aim6.exe:AIM "{DD081A53-0BD8-47C6-ADA0-569E19C3770A}"= TCP:c:\program files\AIM6\aim6.exe:AIM "{4E91D0FE-C0BF-4608-AFA6-6224C43E5D33}"= UDP:c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt "{4A34B135-991F-4D43-A4F7-C57E6B80972E}"= TCP:c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt "{82D8AAEE-E1E1-498C-8B6E-E7A4ECECD6E8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{C71D930F-37DD-4ACC-9542-2E6F006D8544}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-01-30 09:54:05 61424] R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-01-30 81504] R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-05-22 24576] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-01 203280] R2 NTIBackupSvc;NTI Backup Now 5 
Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056] R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2009-01-30 122368] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-03-14 24652] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-05-23 210432] R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2008-05-23 54784] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-03-18 38496] R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [2009-01-30 22072] S2 gupdate1c99b2f23e8043e;Googles oppdateringstjeneste (gupdate1c99b2f23e8043e);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 133104] --- Andre tjenester/drivere lastet i minnet --- *NewlyCreated* - MBAMSWISSARMY . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-03-21 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-02 12:40] 2009-03-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 13:04] 2009-02-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] 2009-02-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] . . ------- Tilleggsskanning ------- . 
uStart Page = no.intl.acer.yahoo.com mStart Page = hxxp://no.intl.acer.yahoo.com uInternet Settings,ProxyOverride = *.local IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\GodkilleR\AppData\Roaming\Mozilla\Firefox\Profiles\w3tish7k.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query= FF - prefs.js: browser.search.selectedEngine - AIM Search FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query= FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-21 19:31:25 Windows 6.0.6001 Service Pack 1 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'Explorer.exe'(6808) c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\windows\System32\SysHook.dll . 
Tidspunkt ferdig: 2009-03-21 19:34:00 ComboFix-quarantined-files.txt 2009-03-21 18:33:53 ComboFix2.txt 2009-03-21 17:16:36 Pre-Run: 45 233 778 688 byte ledig Post-Run: 44,779,610,112 byte ledig 313 --- E O F --- 2009-03-15 12:30:39 MALWAREBYTE LOGG: Malwarebytes' Anti-Malware 1.34 Databaseversjon: 1882 Windows 6.0.6001 Service Pack 1 21.03.2009 19:24:33 mbam-log-2009-03-21 (19-24-33).txt Skanntype: Rask Skann Objekter skannet: 62160 Tid tilbakelagt: 4 minute(s), 10 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 4 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\Windows\msa.exe (Trojan.Renos) -> Quarantined and deleted successfully. C:\Windows\msb.exe (Trojan.Renos) -> Quarantined and deleted successfully. C:\Windows\msc.exe (Trojan.Renos) -> Quarantined and deleted successfully. C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. Lenke til kommentar
norbat Posted 21 March 2009 The log looks fine. Are you still experiencing any problems?
Guest Posted 21 March 2009 "The log looks fine. Are you still experiencing any problems?" No, it looks like everything is fine and perfect. Thanks for all the help!!